1. Our Approach to Privacy
CyberEco is built on a simple premise: you own your identity, your data, and your narrative. Privacy is not a feature we added later — it is Tenet #3 of our engineering principles ("Privacy by Default") and flows directly from Tenet #1 ("Digital Sovereignty").
This policy describes exactly what data the CyberEco Hub collects, why, where it lives, and how you can access, export, or delete it. We aim to be specific rather than vague: everything described here corresponds to how the Hub actually works. The open-source data layer packages (Apache-2.0) are published for inspection; the platform itself is proprietary.
What we do NOT do:
- We do not sell your data. Ever.
- We do not show advertisements or use advertising trackers.
- We do not use third-party analytics or behavioral profiling by default. An analytics preference exists in your privacy settings and is off by default (opt-in).
- We do not run "engagement optimization" — no dark patterns, no addictive mechanics.
2. Data We Collect
2.1 Account data
When you create an account, we store a user profile document (users/{uid} in our database) containing:
- Email address
- Display name
- A unique user identifier (UID) generated by Firebase Authentication
- Account timestamps (creation, last sign-in)
- The list of ecosystem apps you have connected
Your password is never stored by CyberEco — authentication is handled by Firebase Authentication, which stores credentials securely on Google's infrastructure.
2.2 Data you create
Content you create while using the Hub and connected apps: expenses, expense groups, settlements, transactions, notifications, group memberships, and sharing permissions. This data belongs to you (see Section 6).
2.3 Preferences, settings, and consent records
- Privacy settings: data retention preference, analytics opt-in (default: off), third-party sharing preference (default: off), profile visibility
- Consent records: when you accept or decline terms, privacy, cookies, marketing, or data-processing consent, we store a timestamped record so we can prove and honor your choices
- Interface preferences: theme and language (stored locally on your device — see Section 5)
2.4 Security and audit logs
For your protection, we record security-relevant events in append-only audit logs: sign-ins, data exports, and permission changes. These logs exist so you can see what happened in your account (visible in your Security page) and so unauthorized access can be detected. They are intentionally immutable — audit records cannot be edited, which is a security property, not a data-hoarding one.
We also receive Content Security Policy (CSP) violation reports from browsers, which contain technical information about blocked scripts, not personal content.
2.5 What we do not collect
We do not collect browsing history, contacts, location, device fingerprints, or any data unrelated to the features you actively use. We follow a data minimization principle: only what is necessary for core functionality.
3. Why We Process Your Data (Purpose)
| Data | Purpose |
|---|---|
| Account data | Creating and operating your account; single sign-on to ecosystem apps |
| Data you create | Providing the features you use (expense splitting, groups, notifications) |
| Preferences and consent records | Honoring your choices and proving consent (GDPR compliance) |
| Audit logs | Account security, detecting unauthorized access, GDPR accountability |
| CSP reports | Detecting and fixing security issues in the web application |
We do not use your data for any secondary purpose (advertising, profiling, training models, resale).
4. Where Your Data Is Stored
Your data is stored in Google Firebase services — specifically Firebase Authentication (credentials) and Cloud Firestore (all other data) — running on Google Cloud Platform. Google acts as our infrastructure provider and processes data on our behalf under Google Cloud's data processing terms.
Access to data in Firestore is governed by security rules and a permission layer that checks authorization on every read and write — there are no "open" collections. Permissions are checked, never assumed.
Our long-term architecture (the StorageAdapter interface) is explicitly designed so that no data is locked into Firebase — this preserves your ability to take your data elsewhere, and our roadmap moves toward user-controlled, self-sovereign storage.
5. Cookies and Local Storage
The Hub uses a minimal set of cookies, all functional. There are no advertising or third-party tracking cookies.
| Name | Type | Purpose | Lifetime |
|---|---|---|---|
| cybereco-auth-token | httpOnly cookie | Keeps you signed in; not readable by JavaScript, which protects it from script-injection attacks | Session; refreshed roughly every 45 minutes while active; cleared on sign-out |
| cybereco-language | Cookie | Remembers your language preference (English/Spanish) | Persistent |
| cybereco-theme | localStorage (on your device) | Remembers light/dark theme | Until you clear it |
| Auth cache | localStorage (on your device) | Speeds up loading your session state | Cleared on sign-out |
6. Your Data Belongs to You — Your Rights
These rights are implemented as working product features, not just legal promises:
- Access: See your data anytime from your dashboard and the My Data page.
- Export (portability): Download a copy of your data in JSON or CSV format from the My Data page. Today the export includes your profile, permissions, transactions, groups, and notifications. Additional data types (such as billing and payment records) are being added to the export. Every export is recorded in your audit log.
- Rectification: Edit your profile and settings directly in the app.
- Deletion (right to erasure): You can request deletion of your account and data, and we honor it. One-click self-service deletion is coming soon; today, contact us (Section 10) — email info@cybere.co from your account address — and we will process your request. Every data type in the platform is designed to support deletion; deletion of immutable audit logs follows legal retention constraints described below.
- Consent management: Grant or withdraw consent (marketing, data processing, cookies) at any time from your Privacy settings page. Withdrawal takes effect immediately for future processing.
- Objection and restriction: If you object to any processing described here, contact us and we will respond.
If you are in the EU/EEA, these correspond to your GDPR rights (Articles 15–21). You also have the right to lodge a complaint with your local data protection authority.
7. Data Retention
- Account data and content: Retained while your account is active. Your privacy settings include a data retention preference.
- On account deletion: Personal data and content are deleted. Data you shared into groups with other people may persist in those shared contexts to the extent needed to preserve other users' records (e.g., a settled group expense), consistent with their ownership of their own data.
- Audit logs: Retained for security and legal accountability. They are append-only by design.
- Backups: Deleted data may persist in infrastructure backups for a limited period before being purged.
8. Security
- Authentication via Firebase Authentication; session managed with an httpOnly cookie (not accessible to page scripts)
- HTTPS everywhere, with HSTS and Content Security Policy headers
- CSRF protection and rate limiting on the API
- Permission checks on every data operation — deny by default
- Append-only audit logging of security-relevant events
- Periodic security audits of the codebase (the data layer packages are Apache-2.0 and independently inspectable)
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify affected users without undue delay.
9. Children
The Hub is not directed at children. You must be at least 18 years old to create an account (see our Terms of Service).
10. Contact
Questions, rights requests, or concerns about this policy:
- Open an issue at github.com/cyber-eco/cybereco-hub/issues (for non-sensitive matters)
- Email: info@cybere.co
11. Changes to This Policy
If we change this policy, we will update the "Last updated" date and, for material changes, notify you in the app before the changes take effect. Consent records are versioned, so you will be asked to re-consent where required. We will never change this policy in a way that retroactively claims rights over your data — that would violate the tenets this platform is built on.
This policy reflects the CyberEco philosophy: your digital presence should empower you, not exploit you. If you find any discrepancy between this document and how the platform actually behaves, please report it — that is a bug we will fix.